I've published a number of ASP.NET Tips, Tricks, Recipes and Tutorials in the past that cover ASP.NET 2.0 security. Below is a short list of them that you might want to review:
Resource: ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources
Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
Recipe: Implementing Role Based Security with ASP.NET using Windows Authentication and SQL Server
Recipe: Configuring ASP.NET 2.0 Application Services to use SQL Server 2000 or SQL Server 2005
Gotcha: Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers
Common Gotcha: Don't forget to <clear/> when adding providers
Tip/Trick: Source/Documentation for Simple ASP.NET 2.0 SQL Providers Published
Tip/Trick: Guard Against SQL Injection Attacks
Tip/Trick: Gathering Custom User Registration Information
Recipe: How to add a Login, Roles and Profile system to an ASP.NET 2.0 app in only 24 lines of code
Gotcha: Authorization with the built-in VS 2005 Web Server (aka Cassini)
Gotcha: Forms Authentication timeout default changed between ASP.NET 1.1 -> ASP.NET 2.0
Tip/Trick: How To Share Authentication Cookies across ASP.NET V1.1 and ASP.NET V2.0 Applications
For more free ASP.NET Tips, Tricks, and Tutorials I've written, please check out my ASP.NET Tips, Tricks and Tutorials listing.
Hope this helps,
Scott